HI, how many data base administrators we can create? (once we install mongo and start with mongo, it coles to the command line, the type use admin. And the I found that we can create as many as admin users here)
Once you know the server root un and pw, you can create many db admins?
Welcome to the MongoDB Community @Rajitha_Hewabandula !
For self-hosted MongoDB deployments there is no limit on the number of users you can create, but typically you would not want to have 100s of admin users with direct access to a deployment. For a general reference for the MongoDB server please refer to MongoDB Limits and Thresholds.
MongoDB Atlas has some Organisation and Project Limits including 100 database users and 500 Atlas users per project, but if you have additional requirements you could contact support. For related discussion, please see The 100 User Limit in Atlas - #5 by Stennie.
Regards,
Stennie
3 Likes
Many thanks for the swift response, Stennie.
I cant see any info. about how many database admins we can create in a production server. ( we are planning to move our mysql dbs to mongo very soon.). whats the maximum limit?
1 Like
The limitations are as per my earlier response: no limit for for self-hosted deployments, some documented limits for Atlas (which is a managed cloud service).
The MongoDB Limits and Thresholds documentation I shared is a general reference for the MongoDB server, but there’s no mention around users because these are not limited by the server. I believe this is similar to self-hosted MySQL. Limits on number of admin or database users might be imposed by managed services.
Out of curiosity, how many admin users do you anticipate needing?
Regards,
Stennie
hi @Stennie_X more than the number of admin users, my concern is, if the server root password is compromised, can a hacker create admin accounts (dbAdminAnyDatabases) and access databases?
If the server root password is compromised that user could create many user admins. There is no limit and any limit you could impose could be overridden by the root user.
1 Like
This question really isn’t specific to MongoDB: if an adversary is able to gain access to an account with escalated privileges they will have whatever access a trusted user with the same credentials has.
For example, if you are referring to root access for a server instance hosting a database deployment someone could start/stop/reconfigure services. There are many security best practices and tools to help reduce your exposure and proactively detect intrusion attempts.
For a list of security measures to consider for a MongoDB deployment, please review the MongoDB Security Checklist.
For guidance on securing your own environment including cloud instances, O/S, and other aspects you would have to consult with the relevant documentation for your infrastructure and tech stack. There are many security-focused sites like OWASP (the Open Web Application Security Project) that provide helpful tools and resources such as Secure Design Principles to follow.
Regards,
Stennie
4 Likes
This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.